Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 with transparent proxy support
  • From: Manfred Schirmer <Manfred.Schirmer@xxxxxx>
  • Date: Thu, 13 Dec 2001 18:18:37 +0100
  • Message-id: <200112131719.fBDHJDg19168@xxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Donnerstag, 13. Dezember 2001 16:16 schrieb Robert Szentmihalyi:
> Hi,
>
> I have set up a DSL router (SuSE Linux 7.3, kernel 2.4.16 +
> grsecurity-1.9) which does packet filtering with SuSEfirewall2
>
> Now, because of the problems some sites with impropery configured
> firewalls (like www.gmx.de and www.postbank.de) have with Path MTU
> discovery, I have set up squid on the router.
>
> The sites are accessible now, but I don't seem to get SuSEfirewall2
> to transparently redirect http traffic to port 3128, so that I
> don't have to configure each client to use the proxy.
>
> I set
> FW_SERVICE_SQUID="yes"
> and
> FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128"
> but it doesn't seem to help much...
> Any ideas on what I could have overlooked?

Robert,

this is a good start. Maybe you have to write
FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128
192.168.100.0/24,0/0,udp,80,3128"

Did you prepare /etc/squid.conf for transparent proxy support?
# this is needed for transparent proxy:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Have a lot of fun ...

- --
Best Regards,
Manfred Schirmer
CSE GmbH
network administrator
mailto:manfred.schirmer@xxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8GOLzQfdrwk3vCGYRAqB/AJ9P9A45k3wUWkZNidGPlnp54XO84gCeMRwj
fmWkh2utMy0IDZJsrWy6eL0=
=XLXF
-----END PGP SIGNATURE-----

< Previous Next >
References